So this is exciting, though in practice I don’t think it will impact people as these require wifi within range so “remote” isn’t quite the same threat model as traditional network attacks.
There are five distinct vulnerabilities, 3 of which provide remote code execution in the kernel, if you are on the same wifi network as the attacker. As far as I can make out from the description these attacks are via the wifi frames themselves so nothing you do at the application level (TLS, etc) protects against them.
One of the attacks at least only requires proximity to an attacker network not an actual connection, as it triggers kernel corruption when scanning for networks. The report says it’s just a DoS however.
It changes the usual understanding of remote for sure. On the one hand it means you can’t just scan the internet for targets. On the other, you can drive up to your selected target easily. (or fly to it with a drone and drop off a small device to relay the attack)
Oh I agree, it is an RCE, and it is severe in one sense but not another. I feel what we need is an N-dimensional vector to describe how bad an attack is, then we can compute the magnitude of that vector! :) even the angle between one attack and another!